Home / Companies / Modal / Blog / Post Details
Content Deep Dive

WireGuard at Modal: Static IPs for Serverless Containers

Blog post from Modal

Post Details
Company
Date Published
Author
Eric Zhang
Word Count
3,035
Company Posts That Month
4
Language
English
Hacker News Points
125
Post removed?
No
Summary

At Modal, a high-availability VPN proxy called vprox was built using Go and WireGuard. This proxy allows containers to funnel outbound traffic through static IPv4 addresses, ensuring consistent source IP addresses for outgoing internet traffic. The proxy uses SOCKS5 proxies initially but later switched to WireGuard, which provides better security and consistency. To configure networking for the proxy, a policy-based routing system was implemented, allowing traffic from one container to go through a designated VPN interface without affecting its neighbors. This setup is essential for multi-tenant Modal workers that run gVisor sandboxes on shared hosts. The proxy server uses sysctl settings to relax reverse path filtering and ensure reliable operation across Linux distributions. The vprox control plane was open-sourced, allowing developers to configure various aspects of the networking system, including IP discovery and client reconnection.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Serverless 9 778 155 73 +74%
Developer Experience 1 292 156 81 +38%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.